Hacker News new | past | comments | ask | show | jobs | submit login

Tho a counter-point can be made to the end that communication providers have been mandated to give law-enforcement special surveillance access for decades already, when most of it was analog. In most countries, these laws are still in effect, and in many there are very much like "API specifications".

On that end there's the inherent expectation of "If we can do it with analog phone, why can't we do it with digital?" by law&order politics. Another big part is also the false assumption that people have a perfect right to privacy.

In theory, people may have a right to privacy, but in practice, communication providers which actually facilitate communication are also bound by government actions [0].

[0] https://en.wikipedia.org/wiki/National_security_letter






Tho a counter-point can be made to the end that communication providers have been mandated to give law-enforcement special surveillance access for decades already, when most of it was analog.

But the counter to that counter-argument is that the traditional methods of interception had a significant practical cost and therefore an incentive to use them only when there was a legitimate interest in doing so. In our digital world, governments are trying to get access to everything on everyone.

Moreover, so far we have mostly been talking about threats due to reading data. To the extent that adverse changes are being effected as a result of attacks, most of them are probably being made using genuine credentials, which were themselves compromised.

However, the kinds of weaknesses we're talking mandating in encrypted communications would potentially also allow hostile actors to impersonate others and change the data directly. It doesn't take a genius to predict that this would create a future where everything in our ever-more-connected world is under threat, from financial transactions to medical instructions, from criminal records and intelligence profiles to control signalling for networked self-driving vehicles and essential utility supplies.


> But the counter to that counter-argument is that the traditional methods of interception had a significant practical cost and therefore an incentive to use them only when there was a legitimate interest in doing so.

The large scale surveillance also existed in the analog time see the GDR or programs like ECHELON.

That's why for many politicians this is supposedly only an issue of "scaling up", which has also been happening [0] and then got blown wide open with Snowden revealing PRISM&co.

This hostility to cryptography is also anything but new: Cryptography in many countries is still subject to strict regulations and has been for decades [1], while intelligence agencies like the NSA do spend quite some efforts in undermining even the process of standardization [2].

Let's also not forget that for a really long time the majority of the Internet didn't even use any TLS for most of its traffic, once we got https rolled out somewhat widespread, guess what happened? Hearthbleed, weird how that went down.

Feels more like they want to legalize a whole lot of what's been going on anyway. Maybe I'm just paranoid, but at this point, it's difficult not to be.

[0] https://en.wikipedia.org/wiki/Utah_Data_Center

[1] http://www.treachery.net/~jdyson/crypto/tattoo.html

[2] https://www.nytimes.com/2013/09/06/us/nsa-foils-much-interne...


I wouldn't event say it was a cost issue. It was much more security through fences. When hardly any systems were connected together it was far more difficult for the non-authorities to access information, especially at the scale we are seeing today. You really needed to be able to infiltrate multiple systems simultaneously to get the kind of access you can now with a simple internet connection.

It makes the argument extremely ignorant when you realize we didn't have this problem in the past because it was just too difficult.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: